The Company recognizes the importance of risk management integration policy to ensure the Company's steady growth

Corporate Risk and Crisis Management


The Company recognizes the importance of risk management integration policy to ensure the Company's steady growth with reduced or minimal damage from the surrounding environment and potential risks, which could harm the Company's employees, assets, business operations, and reputation.

Executives and employees are to adhere to the risk management policy so as to create awareness, collaborate, and streamline risk management practices throughout the organization. Risk management processes and the appropriate level of manageable risk are clearly defined and in line with the risk management strategies, action plans, and activity plans of all units. This includes measures such as continued risk assessment, review, enhancement, and development of the risk management process, as well as the annual review of the risk management policy. Such measures aim to ensure that the Company's risk management process and policy are in place and able to respond positively to the changing business environment. The Company shall appoint the Risk Management Committee to oversee and manage the overall risk management of the organization; the Committee is required to submit quarterly risk reports to the Audit Committee.

Management Approach

I. Policy

A Risk Management Policy that covers risk management across the whole organization and systematically connects with other management systems throughout the organization.

II. Responsible Organization

The Board appointed the Risk Management Committee (RMC), consisting of 4 Board members, with responsibilities to:

form and define the policy and framework for risk management,

provide recommendations,

monitor and support operations relating to organizational risk management so that they align with strategies and goals in any situation, and

screen high-value projects that will gain the trust and confidence of all stakeholders.


Risk Correlation

The risk analysis first identified the correlations with the greatest impact on IRPC's business: price volatility of raw materials and products as business risk, and foreign exchange rate and interest as financial risk. Statistical data from the previous 3 years were used to find a mathematical correlation equation for forecasting future risk.

Sensitivity Analysis and Stress Testing

It is important for IRPC to implement internal control processes that comply with existing regulations and to be proactive in developing its control mechanisms. Sensitivity analysis and stress testing are considered part of effective risk and crisis management. They should be performed in order to better capture more extreme versions or more uncommon types of risk in addition to financial risk.

Emerging Risks

IRPC is aware of the long-term risks that the company faces and the impacts of these risks on its business. IRPC shows its ability to identify risks that may arise in the next 3-5 years and that will result in opportunity loss for the company if they are not appropriately managed. For this reason, IRPC has implemented assessment of emerging risks, such as the risk from changing free trade areas and trade rules.

| Description of risk | Potential business impact of the risk | Mitigating actions |
| --- | --- | --- |
| Risk of changing trading regulations or new trade areas, for example the Eastern Economic Corridor (EEC), which will bring both business threats and opportunities. | The effect of changing trading regulations on product development and market opportunities, as well as the promotion of new product research in order to respond to customers’ various needs, for instance green and energy-saving products. | Comprehensively investigate this matter, including growth in sales and marketing, exploitation of IRPC’s land, industries that promote infrastructure and public utilities, and potential privileges. Be poised to handle impacts such as the development of an urban society: population migration and denser communities around the industrial zone could mean more conflicts or more complaints. |
| Risk of EV car technology, which would affect IRPC’s future. | IRPC will be affected by EV car technology, particularly in the petroleum product group, including gasoline, diesel, and lubricants, in view of the likely drop in fuel sales volumes as the number of EV cars grows. | Business transition from petroleum to more petrochemicals, product R&D that caters to markets of the future, and establishment of cooperation with business partners to grow markets or seek more outlets for IRPC’s products. |

A strong risk culture throughout the organization is key to the development of effective risk and crisis management. IRPC ensures that the importance of risk is understood and that risk mitigation plans are well followed by all employees through individual performance reviews, compensation, training on risk management principles, a potential risk reporting mechanism for all employees, etc.

IRPC has developed financial incentives which incorporate risk management metrics. For senior executives, the financial incentive is tied to business performance and risk management performance through KPIs. As a non-financial incentive, we will develop “ERM Ambassador and ERM Auditor”, who exemplify for all employees the level of care and adherence-to-rules behavior that turns individual behavior into organizational behavior, or risk culture. For line managers, business performance and risk management performance are tied to the financial incentive through KPIs.

Incorporating risk criteria in the product development or approval process

IRPC incorporates risk criteria and fully integrates its risk management practices into product and business development processes to ensure that the impact of risks from market situations, competitors’ actions, and environmental and social factors is reduced to the point where it has little or no impact on our businesses.

Measuring of Risk Culture Effectiveness

Under the IRPC risk culture model for measuring risk culture effectiveness, we evaluate the behavioural aspects of management by RCSA (Risk Control Self-Assessment) score, which was 91.7% in 2017, with a target of 98% in 2020. For individual employees, we apply the OHI (Organizational Health Index) to evaluate risk culture, and we plan to set up a new model to evaluate risk culture more effectively in 2020. After the model is implemented, we will conduct semi-structured interviews with top management and line managers in 2020 to gather evidence of behavioural aspects. The interviews shall cover Transparency of risk, Acknowledgment of risk, Responsiveness of risk, and Respect of risk. The results will be an input to the model for new behavioural aspects or gap improvement.

Focused training throughout the organization on risk management principles

IRPC runs annual enterprise risk management training as a rolling requirement for all business units. Our main audiences are the risk managers/risk owners and risk agents from those business units, who act as facilitators and change agents to support risk management activities within their business units. In the future we will hold the enterprise risk management course annually for all employees to build risk management awareness and culture.

Potential risks reporting throughout the organization

IRPC has implemented many measures to ensure that “all the voice” is heard regarding risk management. Examples include the monthly risk management reporting session, the IRPC corruption mailbox (PO BOX 35) for reporting corruption risks, the Behavior Based Safety System (BBS) for identifying safety and operation risks, the Zero Accident Campaign, Lesson Learned for all employees, etc. Clearly, there is not only a whistle-blowing mechanism but also a full set of channels through which risks raised by employees at every level reach the Corporate Risk Team.

IRPC encourages and cultivates risk management as a part of the organizational culture. The culture embeds knowledge and understanding among the board of directors, management, and employees of the importance of, and obligation to practice, a standard risk management framework that allows IRPC to grow sustainably and firmly. IRPC has in place a dedicated committee to oversee implementation of the risk management framework by management and employees, to continuously report progress at board level, management level, and operation level, and to improve and review the management approach in a timely manner. The committee is also responsible for communicating risks throughout the organization through various channels such as Board of Directors’ meetings, Management Committee meetings, Function meetings, Operation meetings, workshop training, e-mail notification, e-learning, ISPIRIT activities, and IRPC DNA activities.

Regular Education on Risk Management for Non-Executive Directors

IRPC aims to promote and actively cultivate risk culture throughout the organization. Risk training is particularly important for IRPC to enable the board to be effective in managing and addressing risks. Therefore, IRPC encourages the board's continuing education on risk management by supporting its members in participating in risk training regularly, at least once a year. As cybersecurity is of increasing importance, 14 members of IRPC’s board attended risk training on 18 April, 2018. The training focused on “Cyber Security Risk Management” and was conducted by Mr. Suwan Srinuan, Vice President of Information Technology Department.